Jan. 14 (Bloomberg) -- Neiman Marcus Group Ltd. is being
investigated by states including Connecticut and Illinois over
the theft of customer credit-card data by hackers, and a bank
sued Target Corp. for its data breach during the holiday season.

Connecticut Attorney General George Jepsen and Illinois
Attorney General Lisa Madigan, whose offices are already leading
a multistate investigation in the Target breach, are also
looking into the hack of Dallas-based Neiman Marcus, which said
on Jan. 10 that some unauthorized purchases may have been made
with credit cards.

The two breaches complicate matters for retailers already
struggling to attract hesitant shoppers and cutting forecasts
after engaging in a margin-eating price war during the holiday
shopping season.

“At this point we cannot speak for any other states, but
Connecticut will be looking into the Neiman Marcus breach and,
to the extent that we become aware of breaches at other
retailers, we will be looking those as well,” Jaclyn Falkowski,
a spokeswoman for Jepsen’s office, said in an e-mail.

Madigan’s office is also looking into the Neiman Marcus
breach, said her spokeswoman, Maura Possley, in an e-mail.
Indiana Attorney General Greg Zoeller is aware of the situation
and investigating to determine the extent of harm to consumers
in the state, Erin Reece, a spokeswoman for Zoeller, said in an
e-mail. Neiman Marcus has five stores in Illinois and none in
Connecticut or Indiana, according to its website.

Target Probe

Other states involved in the Target probe include Florida,
Iowa, Massachusetts and Pennsylvania, spokespersons for those
states’ attorneys general confirmed yesterday.

Democratic U.S. Senators Claire McCaskill of Missouri and
Jay Rockefeller of West Virginia today made public a letter they
sent jointly to Target on Jan. 10 requesting a briefing on the
data breach from the retailer’s information security officials.

The senators serve on the Committee on Commerce, Science
and Transportation.

“We have been advocates for data security and breach
notification legislation that would better protect consumers and
improve corporate responsibility,” Rockefeller and McCaskill
wrote. “Target’s recent incident demonstrates the need for such
federal legislation.”

Molly Snyder, a spokeswoman for Target, said the company
has received the senators’ letter and will “work with them and
other elected officials to keep them informed and updated as our
investigation continues,” according to an e-mailed statement.

Compromised Accounts

Ginger Reeder, a spokeswoman for Neiman Marcus in Dallas,
said in an e-mail that while she was unaware of any state
attorney general investigations, the company would “fully
cooperate with any and all” of them.

Target, based in Minneapolis, said last month that as many
as 40 million customer credit- and debit-card accounts were
compromised. The retailer on Jan. 10 broadened its description
of the breach, saying that names as well as home and e-mail
addresses for as many as 70 million people were stolen. The
company said the second theft may have affected anyone who
provided basic information to the retailer during the past
several years.

Within a week of Target’s disclosure about the breach, the
company was facing almost two dozen lawsuits filed by customers.
Yesterday, Putnam, Connecticut-based Putnam Bank filed a suit
claiming that the security breakdown cost it money because it
forced the bank to issue customer alerts and new cards while
reimbursing account-holders for their own losses.

Federal Complaint

Target failed to tell its own customers about the security
breach until four weeks after it occurred, according to the
bank’s complaint, filed in federal court in Minneapolis.

The bank seeks to represent a class of financial
institutions that have suffered similar injury as a result of
the breach. It is demanding unspecified money damages for the
retailer’s alleged negligence, for failure to comply with
commercial credit card operating regulations governing customer
data and for breach of contract.

Snyder declined to comment on the lawsuit.

The Target breach is being probed by the “vast majority”
of attorneys general in the U.S., said Andrew Friedman, a
spokesman for New York Attorney General Eric Schneiderman, who
yesterday urged residents of his state to take advantage of free
credit-monitoring and identity-theft protection services offered
by the retailer.

Schneiderman said in a statement yesterday that his
office’s Consumer Protection Bureau is also looking into reports
of security breaches at other retailers and called on those
companies, which weren’t identified in the statement, to offer
free consumer protections to customers.

Friedman declined in a phone interview to name the other
retailers and wouldn’t comment when asked if Neiman Marcus is
one of them.

The Putnam lawsuit is Putnam Bank v. Target Corp., 14-cv-00121, U.S. District Court, District of Minnesota
(Minneapolis).

To contact the reporters on this story:
Chris Dolmetsch in New York State Supreme Court in Manhattan at